WO2006001996A1 - Procedes et systemes d'utilisation d'une seule verification d'integrite cryptographique pour generer de multiples valeurs de verification d'integrite cryptographiques des composantes d'un contenu transcodable - Google Patents

Procedes et systemes d'utilisation d'une seule verification d'integrite cryptographique pour generer de multiples valeurs de verification d'integrite cryptographiques des composantes d'un contenu transcodable Download PDF

Info

Publication number
WO2006001996A1
WO2006001996A1 PCT/US2005/020173 US2005020173W WO2006001996A1 WO 2006001996 A1 WO2006001996 A1 WO 2006001996A1 US 2005020173 W US2005020173 W US 2005020173W WO 2006001996 A1 WO2006001996 A1 WO 2006001996A1
Authority
WO
WIPO (PCT)
Prior art keywords
integrity check
components
transcodable
content
cryptographic integrity
Prior art date
Application number
PCT/US2005/020173
Other languages
English (en)
Inventor
John G Apostolopoulos
Original Assignee
Hewlett-Packard Development Company, L.P.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett-Packard Development Company, L.P. filed Critical Hewlett-Packard Development Company, L.P.
Priority to EP05770259A priority Critical patent/EP1757014A1/fr
Priority to KR1020067026366A priority patent/KR100950857B1/ko
Publication of WO2006001996A1 publication Critical patent/WO2006001996A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution

Definitions

  • Effective data delivery systems should possess the capacity to deliver data streams to a multitude of diverse clients across heterogeneous networks that possess time-varying characteristics.
  • the design of such data delivery systems present a variety of challenges for the designers of such systems. For instance, clients to which data is being delivered can possess various display, power, communication, and computational capabilities.
  • communication links in the network over which data is being delivered can possess various maximum bandwidths, quality levels, and time-varying characteristics.
  • Encryption is the conversion of data into a form, called ciphertext that cannot be easily understood by unauthorized receivers. Encryption is important as a means of protecting content when any sensitive transaction is being carried out.
  • Intermediate nodes in the data delivery system may be used to perform stream adaptation, or transcoding, to scale data streams for different downstream client capabilities and network conditions.
  • a transcoder takes a compressed, or encoded, data stream as an input, and then processes it to produce another encoded data stream as an output. Examples of transcoding operations include bit rate reduction, rate shaping, spatial downsampling, and frame rate reduction. Transcoding can improve system scalability and efficiency, for example, by adapting the spatial resolution of an image to a particular client's display capabilities or by dynamically adjusting the bit rate of a data stream to match a network channel's time-varying characteristics.
  • network transcoding facilitates scalability in data delivery systems, it also presents a number of challenges.
  • the process of transcoding can place a substantial computational load on transcoding nodes.
  • computationally efficient transcoding algorithms have been developed, they may not be well- suited for processing hundreds or thousands of streams at intermediate network nodes.
  • transcoding poses a threat to the security of the delivery system because conventional transcoding operations generally require that an encrypted stream be decrypted before transcoding.
  • the transcoded result is re- encrypted but is decrypted at the next transcoder.
  • Each transcoder thus presents a possible breach in the security of the system. This is not an acceptable situation when end-to-end security is required.
  • Compression, or encoding, techniques are used to reduce the redundant information in data, thereby facilitating the storage and distribution of the data by, in effect, reducing the quantity of data.
  • the JPEG (Joint Photographic Experts Group) standard describes one popular, contemporary scheme for encoding image data. While JPEG is satisfactory in many respects, it has its limitations when it comes to current needs. A newer standard, the JPEG2000 standard, is being developed to meet those needs.
  • an important design goal for media compression standards and systems is the ability to adapt or transcode to different downstream network conditions and client capabilities.
  • a checksum is a mathematical value that is assigned to a file and used to authenticate the file at a later date to verify that the data contained in the file has not been modified.
  • a cryptographic checksum is a checksum whose authenticating mathematical value is a function of an authentication key.
  • a cryptogenic checksum is created by performing a complicated series of mathematical operations (known as a cryptographic algorithm) that translates the data in the file and the key into a fixed string of digits.
  • a cryptographic checksum is also often referred to as a Message Authentication Code (MAC).
  • MAC Message Authentication Code
  • CBC-MAC approaches cipher block chaining
  • hash- based cryptographic checksums e.g. hash-based MACs. Note that these algorithms are also referred to by a number of other names, e.g. keyed hash.
  • HMAC HMAC which can be used with a variety of hashes including MD5, SHA-1 , SHA-256, RIPEMD, etc. In these cases the resulting CCS value (or hash-based MAC value) is a function of a key.
  • Integrity checks are another form of authentication check, however it should be noted that sometimes integrity checks may be performed with a key and sometimes without a key. Clearly, the integrity checks with a key prevent someone without access to that key from computing the integrity check (for either malicious reasons or conventional verification reasons), however an integrity check without a key allows anyone to compute the integrity check (for verification or for replacement of the original integrity check value).
  • Digital signatures are another security technique that provide a cryptographic checksum service, plus additional services. Cryptographic checksums are widely used in both data transmission and data storage applications.
  • a single cryptographic integrity check for content is initiated, where the content includes a plurality of components. It should be appreciated that when the cryptographic integrity check has completed for at least one of the plurality of components, a cryptographic integrity check value is recorded for the at least one of the plurality of components. The single cryptographic integrity check is completed to generate a cryptographic integrity check value for the at least one of the plurality of components .
  • Figure 1 shows a system for utilizing a single cryptographic integrity check to generate cryptographic integrity check values for components of content and for content in its entirety according to one embodiment of the present invention.
  • FIG. 2 shows functional components of a cipher block chain-message authentication code (CBC-MAC) system according to one embodiment of the present invention.
  • CBC-MAC cipher block chain-message authentication code
  • Figure 3 illustrates an example of the computational complexity savings of the cryptographic integrity check according to one embodiment of the present invention.
  • Figure 4A shows the functional components of a hash-based authentication system according to an embodiment of the present invention.
  • Figure 4B shows the functional components of a hash-based authentication system according to an embodiment of the present invention.
  • Figure 4C shows the functional components of a hash-based authentication system according to an embodiment of the present invention.
  • Figure 5 shows a flowchart of the steps performed in a method of utilizing a single cryptographic integrity check to generate cryptographic integrity check values for components of content.
  • transcodable content is intended to refer to content that is serviceable by a transcoder.
  • independently encryptable is intended to refer to independently identifiable content components that can be respectively independently (e.g., separately) encrypted/decrypted, encoded/decoded and authenticated.
  • MAC message authentication code
  • FIG. 1 shows a cryptographic integrity check system (CICS) 100 for utilizing a single cryptographic integrity check to generate cryptographic integrity check values for portioned components of transcodable content (e.g., 101a-101f) and/or for the transcodable content (e.g., 101) in its entirety according to one embodiment of the present invention.
  • CICS cryptographic integrity check system
  • Figure 1 shows transcodable content 101 , components of transcodable content 101a-101f, accessor 102, cryptographic integrity checke computer 103, cryptographic integrity check value recorder 105, and output 107.
  • a single cryptographic integrity check for transcodable content (e.g., 101) is initiated and completed to generate a cryptographic integrity check value for at least one of a plurality of components of the transcodable content (e.g., 101a-101f), and/or to generate a cryptographic integrity check value for the transcodable content (e.g., 101 ) in its entirety.
  • Accessor 102 accesses transcodable content 101 supplied by a source of transcodable content 101 (e.g., such as a server, storage medium etc.). Accessor 102 is coupled to the cryptographic integrity check computer 103 and supplies transcodable content 101 to the cryptographic integrity check computer 103.
  • a source of transcodable content 101 e.g., such as a server, storage medium etc.
  • Accessor 102 is coupled to the cryptographic integrity check computer 103 and supplies transcodable content 101 to the cryptographic integrity check computer 103.
  • Transcodable content 101 is comprised of components of transcodable content 101a-101f.
  • Transcodable content 101 is supplied by a source of transcodable content (e.g., such as a server, data storage medium etc.) to accessor 102.
  • a source of transcodable content e.g., such as a server, data storage medium etc.
  • transcodable content 101 can be encoded in a manner that facilitates transcoding such as by a transcoder (not shown).
  • transcodable content 101 can be transcoded by the selection and combining of a selected subset of the components of transcodable content (e.g., 101 a-101f) that constitute transcodable content 101.
  • the resulting transcoded content is also transcodable.
  • transcodable content 101 may include associated information (e.g., an unencrypted header) that provides hints or explicit directions for performing the transcoding of transcodable content 101.
  • hints may include the rate-distortion (R-D) consequences for keeping or discarding the content in question. They may also include information about the dependence of this content on other content.
  • Alternative information may include the acquisition/capture or display/presentation timestamp, media type (video or speech), or scalability information (e.g. spatial resolution, frame rate, bandwidth, subband information, bit rate, quality layer, bit plane, color component, channel for audio (single, which stereo channels, specific channels in a multichannels audio program, etc)).
  • CICS 100 further includes a cryptographic integrity check computer 103 coupled to accessor 102.
  • Cryptographic integrity check computer 103 accesses transcodable content 101 that is supplied by accessor 102.
  • cryptographic integrity check computer 103 computes a single cryptographic integrity check for transcodable content 101 that is comprised of components of transcodable content 101 a-101f.
  • the operation of cryptographic integrity check computer 103 is discussed below in detail.
  • Cryptographic integrity check value recorder 105 records integrity check values determined for transcodable content 101 in its entirety and for desired components of transcodable content 101a-101f.
  • Cryptographic integrity check value recorder 105 is coupled to cryptographic integrity check computer 103 and records a cryptographic integrity check value supplied therefrom for at least one of the components of transcodable content 101a-101f when the cryptographic integrity check has completed for that component of transcodable content (e.g., 101a- 101f). It should be appreciated that the cryptographic integrity check value recorder 105 records a cryptographic integrity check value for transcodable content 101 in its entirety when the cryptographic integrity check computation for transcodable content 101 in its entirety is completed.
  • Output 107 outputs a cryptographic integrity check value for at least one of the components of transcodable content 101a-101f (if desired) and also for the transcodable content 101 in its entirety. It should be appreciated that output 107 is coupled to the cryptographic integrity check value recorder 105 and accesses integrity check values therefrom.
  • transcodable content 101 (including components of transcodable content 101a-101f) is accessed by accessor 102 which supplies the transcodable content 101 to cryptographic integrity check computer 103.
  • Cryptographic integrity check computer 103 performs a single integrity check on transcodable content 101 that generates therefrom integrity checks for specified components of transcodable content 101 a-101 f and/or for the transcodable 101 in its entirety. Integrity checks for the specified components of transcodable content 101 a-101 f and for the transcodable content 101 in its entirety are recorded by cryptographic integrity check value recorder 105 and are made accessible at output 107.
  • the single cryptographic integrity check for transcodable content 101 is initiated and completed to generate a cryptographic integrity check value for at least one of a plurality of components of the transcodable content 101 a-101f, and also to generate a cryptographic integrity check value for the transcodable content 101 in its entirety.
  • cryptographic integrity check values corresponding to desired components (e.g., 101 a-101f) of a measure of transcodable content 101 , for which a cryptographic integrity check is being computed are recorded in a lookup table during the computation of the cryptographic integrity check.
  • other suitable methods e.g., such as various types of storage devices
  • recording the correspondence between components of transcodable content 101 and their corresponding cryptographic integrity check values can be employed.
  • Different applications may desire to compute cryptographic integrity check values for different components. For example, it may be desired to compute cryptographic integrity check values for any desired subset of the components of the transcodable content. For instance, it may be desireable to compute associated cryptographic integrity check values for all possible subsets of components, i.e. if there are N different components, and if all possible subsets of the N components are possible then there are 2 ⁇ N possible subsets. For example, in the case of three components ⁇ A,B,C ⁇ , then the possible subsets are ⁇ A ⁇ , ⁇ B ⁇ , ⁇ C ⁇ , ⁇ A,B ⁇ , ⁇ A,C ⁇ , ⁇ B,C ⁇ ( ⁇ A,B,C ⁇ and the empty subset ⁇ .
  • an identification of transcodable components e.g., components of transcodable content 101 a-101 f
  • a bitstream e.g., of transcodable content 101
  • an associated integrity check is computed.
  • a block cipher in cipher block chain (CBC) mode with an initialization vector (IV) of zero is applied to each transcodable component (e.g., components of transcodable content 101 a-101 f) of the transcodable content to be authenticated.
  • the last block of the resulting CBC output is used as the integrity check (or message authentication code).
  • This approach can be referred to as CBC-MAC (see Figure 2 discussion below).
  • the length of the MAC can be lengthened or shortened as a means of arriving at the appropriate tradeoff between the cost paid in bits for the MAC and the MACs probability of detecting a change in the content. It should be appreciated that the probability of a different message providing the same MAC value is approximately 2 ⁇ (-L) where L is the length of the MAC in bits. As such, longer MACs provide better protection at the expense of requiring more bits (e.g., overhead). Consequently, according to exemplary embodiments, the length of the MAC associated with each measure of content can be adapted to provide a desired level of security.
  • a MAC is computed as described herein for each transcodable component (e.g., component of transcodable content 101 a-101 f) of a bitstream (e.g., transcodable content 101).
  • the transcodable components of the bitstream e.g., transcodable content 101
  • their associated MACs are composited together. It should be appreciated that the composite bitstream can then be encrypted using a stream cipher mode encryption scheme. Consequently, fine grain granularity is affected that features a fine grain location of truncation points (e.g., such as for transcoding).
  • the truncation points are configured to coincide with transcodable components (e.g., components of transcodale content 101 a-101 f) of the bitstream (e.g., transcodable content 101) and associated MACs.
  • transcodable components e.g., components of transcodale content 101 a-101 f
  • bitstream e.g., transcodable content 101
  • each one of the truncations can be selected to provide an encrypted set of bits which is independently decryptable, independently authenticatable, and independently decodable.
  • transcodable content e.g., 101
  • transcodable content e.g., 101
  • transcodable content is enabled to be decrypted independently of other proximately located transcodable content (e.g., 101 ).
  • a cryptographic integrity check is computed for each one of the plurality of components of transcodable content (101 a-101 f) that constitutes the transcodable content (e.g., 101).
  • a first cryptographic integrity check is calculated for a first component of transcodable content
  • a second cryptographic integrity check is calculated for the combination of a second component of transcodable content, the first component of transcodable content, and the first cryptographic integrity check.
  • the second cryptographic integrity check may be calculated for the combination of the first and second components of transcodable content.
  • the cryptographic integrity check is computed using a CBC-MAC. In another embodiment, the cryptographic integrity check is computed using a hash function, for example an HMAC algorithm using SHA-1. In another embodiment, the cryptographic integrity check is computed using other suitable methods of computing the cryptographic integrity check.
  • Figure 2 shows the functional components of a cipher block chain-message authentication code (CBC-MAC) system 200 according to one embodiment of the present invention.
  • Figure 2 shows components of transcodable content (e.g., 101 a-101 f of Figure 1) intermediate access points 201 a-201 n, plaintext block X 203a, plaintext block x+1 203b, plaintext block n 203n, initialization vector 205, encryption components 207a-207n, logical combiners 209a-209n, ciphertext block X 211 a, ciphertext block X+1 211 b, and ciphertext block n 211 n.
  • transcodable content e.g., 101 a-101 f of Figure 1
  • intermediate access points 201 a-201 n plaintext block X 203a
  • plaintext block x+1 203b plaintext block n 203n
  • initialization vector 205 initialization vector 205
  • encryption components 207a-207n
  • blocks of content x, x+1 and n are supplied as inputs to CBC-MAC system 200 (e.g., 203a-203n).
  • the ciphertext of block x e.g., 211a, encrypted by encryption component 207a
  • logical combiner 209b with the plaintext of block x+1 (e.g., 203b) before it is encrypted (by encryption component 207b).
  • the ciphertext of block x+1 (e.g., 211b) is logically combined (e.g., XORed) by logical combiner 209n with the plaintext of block n (e.g., 203n) before it is encrypted (by encryption component 207n).
  • the plaintext of block x (e.g., 203a) is initially logically combined by logical combiner 209a with an initialization vector 205 of zero.
  • a feature of the internal structure of the CBC-MAC system 200 of Figure 2 is that intermediate components of transcodable content (e.g., 101a-101f of Figure 1 ) are made accessible during a single cryptographic integrity check session (via components of transcodable content 101a-101f intermediate access points 201a-201 n).
  • components of transcodable content e.g., 101 a-101f of Figure 1
  • corresponding to blocks of content x, x+1 and n are accessible at intermediate access points 201 a-201 n as is illustrated in Figure 2.
  • the internal structure of the CBC-MAC system 200 noted above is exploited such that intermediate cryptographic integrity check values that correspond to components of transcodable content (e.g., 101a-101f of Figure 1) and/or the transcodable content (e.g., 101 of Figure 1) in its entirety are computed and recorded during a single cryptographic integrity check session. These values are based on outputs that correspond to components of transcodable content (e.g., ciphertext block x 201a and ciphertext block x+1 211b) and transcodable content in its entirety (e.g., ciphertext block 211 n), accessible respectively at outputs 201a, 201b and 201 n.
  • transcodable content e.g., 101a-101f of Figure 1
  • transcodable content e.g., 101 of Figure 1
  • Figure 3 illustrates an example of the computational load savings of the cryptographic integrity check methodology according to one embodiment of the present invention.
  • Figure 3 shows transcodable content 301 and components of transcodable content 301a and 301b, and cryptographic integrity checks 301 ', 301 A' and 301 B'.
  • the computational cost of computing a cryptographic integrity check for data of length L is approximately CL, i.e. it is proportional to the length of the data where the proportionality constant is denoted by C.
  • C One can also view C as the computational cost per unit length of data for computing the cryptographic integrity check.
  • N corresponds to the number of components of transcodable content (e.g., 301a and 301 b) and transcodable content itself (e.g., 301) involved in the computations.
  • the CPU utilization involved in computing cryptographic integrity checks for transcodable content 301 e.g., 301 '
  • components of transcodable content 301a and 301b e.g., 301 a' and 301 b'
  • CL the CPU utilization involved in computing cryptographic integrity checks for transcodable content 301 (e.g., 301 ')
  • components of transcodable content 301a and 301b e.g., 301 a' and 301 b'
  • FIGs 4A-4C show the functional components of a hash-based authentication system according to an embodiment of the present invention.
  • the HMAC algorithm consists of four basic operations illustrated in Figure 4A: (401) an input-processing using a key (shown having inputs k and ipad and output S 1 in Figure 4B), (402) an output- processing using a key (shown as having inputs K and opad and output S 0 in Figure 4B), (403) the main computation where the hash (403A of Figure 4B) is computed of the data (401 A of Figure 4B) concatenated with the input-processed result from (401), and (404) the final computation of the MAC (e.g., 404B of Figure 4B) using the computed hash (403B of Figure 4B) from (403) and the output processing from (402).
  • (401) and (402) only depend on the key, are easy to compute, and can be pre-computed and stored and used multiple times (when the key is used multiple times). Also, operation (404) is a single hash computation of a very short string of bits. However, operation (403) is a hash computation of the original data (which can be quite long) and this leads to a large majority of the required computation whenever HMAC is used.
  • transcodable content # 1 (TC #1)
  • transcodable content #2 (TC #2)
  • TC #N transcodable content #N
  • the present embodiment enables us to efficiently compute cryptographic integrity checks or MACs for all N transcodable contents (shown as Y 0 through Y L . ⁇ n Figures 4B and 4C).
  • operations (401 ) and (402) can be performed and a computed value stored for use in computing the MACs for all N possible transcodable contents. This is assuming the case when each transcodable content uses the same key. If they use different keys, operations (401) and (402) are performed with different keys.
  • operations (401) and (402) are performed with different keys.
  • FIG. 5 shows a flowchart 500 of the steps performed in processes of the present invention which, in one embodiment, are carried out by processors and electrical components under the control of computer readable and computer executable instructions.
  • the computer readable and computer executable instructions reside, for example, in data storage memory units. However, the computer readable and computer executable instructions can reside in other types of computer readable medium.
  • specific steps are disclosed in the flowcharts, such steps are exemplary. That is, the present invention is well suited to performing various other steps or variations of the steps recited in the flowcharts. Within the present embodiment, it should be appreciated that the steps of the flowcharts may be performed.
  • Figure 5 shows a flowchart of the steps performed in a method of utilizing a single cryptographic integrity check to generate cryptographic integrity check values for components of transcodable content according to one embodiment of the present invention.
  • a single cryptographic integrity check for transcodable content (e.g., 101 of Figure 1) is initiated for transcodable content comprised of a plurality of components.
  • an accessor e.g., 102 of Figure 1 accesses transcodable content (e.g., 101 of Figure 1) that is supplied by a source of transcodable content (e.g., such as a server, storage medium etc.).
  • the accessor e.g., 102 of Figure 1 is coupled to a cryptographic integrity check computer (e.g., 103 of Figure 1) and supplies transcodable content (e.g., 101 of Figure 1) to the cryptographic integrity check computer (e.g., 103 of Figure 1).
  • a cryptographic integrity check computer (e.g., 103 of Figure 1) is coupled to an accessor (e.g., 102 of Figure 1) and accesses content (e.g., 101 of Figure 1) supplied by the accessor (e.g., 102 of Figure 1).
  • Cryptographic integrity check computer (e.g., 103 of Figure 1) performs a single cryptographic integrity check computation for transcodable content (e.g., 101 of Figure 1) that is comprised of the components of transcodable content (e.g., 101a-101f of Figure 1).
  • a cryptographic integrity check value for at least one of the plurality of components of transcodable content is recorded.
  • a cryptographic integrity check value is recorded for at least one of the plurality of components of transcodable content (e.g., 101a-101f of Figure 1) when the cryptographic integrity check has completed for the at least one of the plurality of components of transcodable content (e.g., 101 a-101f of Figure 1).
  • a cryptographic integrity check value recorder (e.g., 105 of Figure 1) records integrity check values for transcodable content (e.g., 101 of Figure) in its entirety and for desired components of transcodable content (e.g., 101a-101f) of Figure 1).
  • the cryptographic integrity check value recorder (e.g., 105 of Figure 1 records a cryptographic integrity check value for at least one of the components of transcodable content (e.g., 101 a-101 f of Figure 1) when the cryptographic integrity check has completed for that component of transcodable content (e.g., 101 a-101 f of Figure 1) and for the transcodable content (e.g., 101 in Figure 1) in its entirety when the cryptographic integrity check is completed.
  • a single cryptographic integrity check is completed to generate a cryptographic integrity check value for at least one of the plurality of components of transcodable content (e.g., 101 a-101 f of Figure 1) and also to generate a cryptographic integrity check value for the transcodable content (e.g., 101 in Figure 1) in its entirety.
  • an output (e.g., 107 of Figure 1) outputs a cryptographic integrity check value for at least one of the components of transcodable content (e.g., 101a-101f of Figure 1) and also for the transcodable content in its entirety. It should be appreciated that output (e.g., 107 of Figure 1) is coupled to the cryptographic integrity check value recorder (e.g., 105 of Figure 1) and accesses integrity check values therefrom.
  • the cryptographic integrity check value recorder e.g., 105 of Figure 1
  • embodiments of the present invention provide methods and systems for utilizing a single cryptographic integrity check computation to generate cryptographic integrity check values for components of transcodable content.
  • a single cryptographic integrity check for transcodable content is initiated, where the transcodable content includes a plurality of components. It should be appreciated that when the cryptographic integrity check has completed for at least one of the plurality of components, a cryptographic integrity check value is recorded for the at least one of the plurality of components. The single cryptographic integrity check is completed to generate a cryptographic integrity check value for the at least one of the plurality of components.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé d'utilisation d'une seule vérification d'intégrité cryptographique pour générer de multiples valeurs de vérification d'intégrité cryptographique des composantes d'un contenu transcodable. Dans un mode de réalisation, une seule vérification d'intégrité cryptographique du contenu est initialisée (501), le contenu comprenant une pluralité de composantes. Lorsque la vérification d'intégrité cryptographique est terminée pour au moins une des composantes, une valeur de vérification d'intégrité cryptographique est enregistrée pour au moins une des composantes (503). La vérification d'intégrité cryptographique unique est terminée afin de générer une valeur de vérification d'intégrité cryptographique pour au moins une des composantes (505).
PCT/US2005/020173 2004-06-15 2005-06-08 Procedes et systemes d'utilisation d'une seule verification d'integrite cryptographique pour generer de multiples valeurs de verification d'integrite cryptographiques des composantes d'un contenu transcodable WO2006001996A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP05770259A EP1757014A1 (fr) 2004-06-15 2005-06-08 Procedes et systemes d'utilisation d'une seule verification d'integrite cryptographique pour generer de multiples valeurs de verification d'integrite cryptographiques des composantes d'un contenu transcodable
KR1020067026366A KR100950857B1 (ko) 2004-06-15 2005-06-08 변환 부호화 가능 콘텐츠의 구성요소들에 대한 다수의 암호무결성 검사값을 발생시키기 위하여 단일 암호 무결성검사를 사용하기 위한 시스템 및 방법

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/869,654 US20060005031A1 (en) 2004-06-15 2004-06-15 Methods and systems for utilizing a single cryptographic integrity check to generate multiple cryptographic integrity check values for components of transcodable content
US10/869,654 2004-06-15

Publications (1)

Publication Number Publication Date
WO2006001996A1 true WO2006001996A1 (fr) 2006-01-05

Family

ID=35149120

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/020173 WO2006001996A1 (fr) 2004-06-15 2005-06-08 Procedes et systemes d'utilisation d'une seule verification d'integrite cryptographique pour generer de multiples valeurs de verification d'integrite cryptographiques des composantes d'un contenu transcodable

Country Status (4)

Country Link
US (1) US20060005031A1 (fr)
EP (1) EP1757014A1 (fr)
KR (1) KR100950857B1 (fr)
WO (1) WO2006001996A1 (fr)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8832466B1 (en) * 2006-01-27 2014-09-09 Trustwave Holdings, Inc. Methods for augmentation and interpretation of data objects
EP2040411B1 (fr) * 2006-07-27 2017-01-18 Intertrust Technologies Corporation Dispositif de terminal, dispositif de serveur et système de distribution de contenus
WO2008034998A1 (fr) * 2006-09-18 2008-03-27 France Telecom Amelioration de la resistance aux attaques cryptanalytiques d'une fonction de hachage
US8676822B2 (en) * 2009-02-06 2014-03-18 Disney Enterprises, Inc. System and method for quality assured media file storage
US9071843B2 (en) * 2009-02-26 2015-06-30 Microsoft Technology Licensing, Llc RDP bitmap hash acceleration using SIMD instructions
JP2011254440A (ja) * 2010-06-04 2011-12-15 Toshiba Corp 情報処理装置
DE102012205273A1 (de) * 2012-03-30 2013-10-02 Siemens Aktiengesellschaft Medizinische Datenkompression zur Datenverarbeitung in einem Cloud-System
RU2602332C1 (ru) 2013-01-21 2016-11-20 Долби Лабораторис Лайсэнзин Корпорейшн Перекодировка метаданных
JP6571314B2 (ja) * 2013-06-18 2019-09-04 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America 送信方法
US10484181B2 (en) * 2016-12-12 2019-11-19 Datiphy Inc. Streaming non-repudiation for data access and data transaction
US10615984B1 (en) * 2017-10-03 2020-04-07 EMC IP Holding Company LLC Enhanced authentication method for Hadoop job containers
CN108881253B (zh) * 2018-06-29 2020-11-06 全链通有限公司 区块链实名参与方法和系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0725511A2 (fr) * 1995-02-06 1996-08-07 International Business Machines Corporation Procédé de chiffrage/déchiffrage de données utilisant le chaînage par blocs (CBC) et des codes d'authentification de message (MAC)
EP1041767A2 (fr) * 1999-03-30 2000-10-04 Fujitsu Limited Authentification de données électroniques
US6226742B1 (en) * 1998-04-20 2001-05-01 Microsoft Corporation Cryptographic technique that provides fast encryption and decryption and assures integrity of a ciphertext message through use of a message authentication code formed through cipher block chaining of the plaintext message
US20040111610A1 (en) * 2002-12-05 2004-06-10 Canon Kabushiki Kaisha Secure file format

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5715164A (en) * 1994-12-14 1998-02-03 Ascom Hasler Mailing Systems Ag System and method for communications with postage meters
US20020178360A1 (en) * 2001-02-25 2002-11-28 Storymail, Inc. System and method for communicating a secure unidirectional response message
US20030037237A1 (en) * 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
US7099873B2 (en) * 2002-05-29 2006-08-29 International Business Machines Corporation Content transcoding in a content distribution network
US7428751B2 (en) * 2002-12-05 2008-09-23 Microsoft Corporation Secure recovery in a serverless distributed file system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0725511A2 (fr) * 1995-02-06 1996-08-07 International Business Machines Corporation Procédé de chiffrage/déchiffrage de données utilisant le chaînage par blocs (CBC) et des codes d'authentification de message (MAC)
US6226742B1 (en) * 1998-04-20 2001-05-01 Microsoft Corporation Cryptographic technique that provides fast encryption and decryption and assures integrity of a ciphertext message through use of a message authentication code formed through cipher block chaining of the plaintext message
EP1041767A2 (fr) * 1999-03-30 2000-10-04 Fujitsu Limited Authentification de données électroniques
US20040111610A1 (en) * 2002-12-05 2004-06-10 Canon Kabushiki Kaisha Secure file format

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BLACK J, ROGAWAY PH.: ""PMAC: A Parallelizable Message Authentication Code", NIST MODES OF OPERATIONS WORKSHOP 2 - AUGUST 24, 2001, SANTA BARBARA, CALIFORNIA, 2001, pages 1 - 16, XP002352652 *

Also Published As

Publication number Publication date
KR20070022089A (ko) 2007-02-23
EP1757014A1 (fr) 2007-02-28
KR100950857B1 (ko) 2010-03-31
US20060005031A1 (en) 2006-01-05

Similar Documents

Publication Publication Date Title
KR100950857B1 (ko) 변환 부호화 가능 콘텐츠의 구성요소들에 대한 다수의 암호무결성 검사값을 발생시키기 위하여 단일 암호 무결성검사를 사용하기 위한 시스템 및 방법
EP1678586B1 (fr) Procede et dispositif pour garantir l'integrite de donnees
JP4907518B2 (ja) トランスコード可能暗号化コンテンツを生成するための方法及びシステム
US7581094B1 (en) Cryptographic checksums enabling data manipulation and transcoding
US5907619A (en) Secure compressed imaging
CN100483992C (zh) 数据流的加密、解密方法和装置
US7313814B2 (en) Scalable, error resilient DRM for scalable media
US6989773B2 (en) Media data encoding device
US7057535B2 (en) Methods for scaling encoded data without requiring knowledge of the encoding scheme
US20100268960A1 (en) System and method for encrypting data
JP6608436B2 (ja) エンコーダ、デコーダ、及び部分的データ暗号化を用いる方法
KR20080059316A (ko) 데이터 부분을 최적화하는 방법
US20170237715A1 (en) Encoder, decoder and method
US8081755B2 (en) JPEG2000 syntax-compliant encryption with full scalability
KR101150619B1 (ko) 데이터 처리 방법
US20050180563A1 (en) Methods for scaling a progressively encrypted sequence of scalable data
KR20220036916A (ko) 비디오 단편을 2개 이상의 변형으로 워터마킹하는 방법
Yi et al. Efficient authentication of scalable media streams over wireless networks
Lindskog et al. A content-independent scalable encryption model
Apostolopoulos et al. Supporting secure transcoding in JPSEC
Hosseini et al. Encryption of MPEG video streams
Conan et al. Study and validation of tools interoperability in the JPSEC framework
JP2024112776A (ja) ビデオシーケンスの検証のための送信機、受信機、ならびに送信機および受信機における方法
Kim Secure scalable streaming for integrity verification of media data
Wee et al. JPSEC: Securing JPEG 2000 Files (Part 8)

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005770259

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 1020067026366

Country of ref document: KR

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

WWP Wipo information: published in national office

Ref document number: 1020067026366

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2005770259

Country of ref document: EP